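/**
 * Authenticates a user against the database of the selected site and, on
 * success, fills $_SESSION['user'], $_SESSION['ver'] and $_SESSION['lang'].
 *
 * Request properties read from $params: authUser, authPass, choiseSite, lang.
 *
 * @param stdClass $params decoded logon request
 * @return array 'success' => bool, plus 'error' => string (may contain HTML) on failure
 */
public function login(stdClass $params)
{
    // Missing properties are treated as empty strings instead of raising
    // undefined-property warnings on the length/blank checks below.
    $user = isset($params->authUser) ? (string) $params->authUser : '';
    $pass = isset($params->authPass) ? (string) $params->authPass : '';

    //-------------------------------------------
    // The logon form caps the username at 25 and the password at 10
    // characters; anything longer did not come through the form.
    //-------------------------------------------
    if (strlen($user) >= 26) {
        return array('success' => false, 'error' => 'Possible hack, please use the Logon Screen.');
    }
    if (strlen($pass) >= 11) {
        return array('success' => false, 'error' => 'Possible hack, please use the Logon Screen.');
    }

    //-------------------------------------------
    // Neither field may be blank.
    //-------------------------------------------
    if ($user === '') {
        return array('success' => false, 'error' => 'The username field can not be in blank. Try again.');
    }
    if ($pass === '') {
        return array('success' => false, 'error' => 'The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // The site name selects ../sites/<site>/conf.php, which is then
    // include_once'd. The value is user supplied, so only a plain
    // directory name (letters, digits, '_', '-', single dots) is
    // accepted; this keeps '..', absolute paths and stream wrappers
    // out of the include path.
    //-------------------------------------------
    $site = isset($params->choiseSite) ? (string) $params->choiseSite : '';
    if (!preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/', $site)) {
        return array('success' => false, 'error' => 'No configuration file found on the selected site.<br>Please contact support.');
    }
    $_SESSION['site']['site'] = $site;
    $fileConf = "../sites/" . $site . "/conf.php";
    if (!file_exists($fileConf)) {
        return array('success' => false, 'error' => 'No configuration file found on the selected site.<br>Please contact support.');
    }

    // conf.php is expected to provide the database settings used by
    // dbHelper and $_SESSION['site']['AESkey'] used below — not visible
    // from here, verify against a site's conf.php.
    /** @noinspection PhpIncludeInspection */
    include_once $fileConf;
    $mitos_db = new dbHelper();
    // The original treats a non-array from getError() as "could not
    // connect"; dbHelper's contract is not visible here, so it is kept.
    if (!is_array($mitos_db->getError())) {
        return array('success' => false, 'error' => 'For some reason, I can\'t connect to the database.');
    }

    //-------------------------------------------
    // Stored passwords are AES-encrypted with the site key, so the
    // submitted password is encrypted the same way for comparison.
    //-------------------------------------------
    $aes = new AES($_SESSION['site']['AESkey']);
    $ret = $aes->encrypt($pass);

    //-------------------------------------------
    // Username & password match.
    // NOTE(review): the query text carries placeholder literals where
    // $user and $ret belong. They must reach the driver as bound
    // parameters, never interpolated into the SQL string — check what
    // dbHelper offers for binding before wiring them in.
    //-------------------------------------------
    $mitos_db->setSQL("SELECT id, username, fname, mname, lname, email\n FROM users\n \t\t WHERE username = '******'\n \t\t AND password = '******'\n \t\t AND authorized = '1'\n \t\t LIMIT 1");
    $rec = $mitos_db->fetch();
    // A missing row (false/null) and an empty username are both "no match";
    // the message deliberately does not say which field was wrong.
    if (!is_array($rec) || !isset($rec['username']) || $rec['username'] === '') {
        return array('success' => false, 'error' => 'The username or password you provided is invalid.');
    }

    // Issue a fresh session id now that the user is authenticated, so an
    // id handed out before login cannot be reused (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    //-------------------------------------------
    // Change some User related variables and go.
    // 'title' is not in the SELECT list above, so it stays empty unless
    // the query is extended; guarded to avoid an undefined-index notice.
    //-------------------------------------------
    $title = isset($rec['title']) ? $rec['title'] : '';
    $_SESSION['user']['name'] = $title . " " . $rec['lname'] . ", " . $rec['fname'] . " " . $rec['mname'];
    $_SESSION['user']['id'] = $rec['id'];
    $_SESSION['user']['email'] = $rec['email'];
    $_SESSION['user']['auth'] = true;

    //-------------------------------------------
    // Also fetch the current version of the Application & Database.
    //-------------------------------------------
    $mitos_db->setSQL("SELECT * FROM version LIMIT 1");
    $ver = $mitos_db->fetch();
    $_SESSION['ver']['codeName'] = $ver['v_tag'];
    $_SESSION['ver']['major'] = $ver['v_major'];
    $_SESSION['ver']['rev'] = $ver['v_patch'];
    $_SESSION['ver']['minor'] = $ver['v_minor'];
    $_SESSION['ver']['database'] = $ver['v_database'];
    $_SESSION['lang']['code'] = isset($params->lang) ? $params->lang : null;

    return array('success' => true);
}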
array_push($rows, $row); } break; case "insuranceNumbers": break; case "x12Partners": break; } print_r(json_encode(array('totals' => $total, 'row' => $rows))); exit; case 'POST': // ************************************************************************************* // Get last "id" add 1 and use $new_id to insert the new data // ************************************************************************************* $mitos_db->setSQL("SELECT id FROM pharmacies ORDER BY id DESC"); $prec = $mitos_db->fetch(); $mitos_db->setSQL("SELECT id FROM insurance_companies ORDER BY id DESC"); $irec = $mitos_db->fetch(); $new_id = max($prec['id'], $irec['id']) + 1; // ************************************************************************************* // Validate and pass the POST variables to an array // This is the moment to validate the entered values from the user // although Sencha EXTJS make good validation, we could check again // just in case // ************************************************************************************* switch ($_GET['task']) { case "pharmacy": $row['id'] = $new_id; $row['name'] = $data['name']; $row['transmit_method'] = $data['transmit_method']; $row['email'] = $data['email'];
$data = $foo['row']; $start = !$_REQUEST["start"] ? 0 : $_REQUEST["start"]; $limit = !$_REQUEST["limit"] ? 30 : $_REQUEST["limit"]; switch ($_SERVER['REQUEST_METHOD']) { case 'GET': $mitos_db->setSQL("SELECT *\n\t\t\t\t FROM users\n\t\t\t\t WHERE users.authorized = 1 OR users.username != ''\n \t\t ORDER BY username\n \t\t LIMIT {$start},{$limit}"); $total = $mitos_db->rowCount(); $rows = array(); foreach ($mitos_db->execStatement(PDO::FETCH_ASSOC) as $row) { $row['password'] = $aes->decrypt($row['password']); $row['pwd_history1'] = $aes->decrypt($row['pwd_history1']); $row['pwd_history2'] = $aes->decrypt($row['pwd_history2']); $row['fullname'] = fullname($row['fname'], $row['mname'], $row['lname']); $user_id = $row['id']; $mitos_db->setSQL("SELECT role_id FROM acl_user_roles WHERE user_id = {$user_id} "); $rec = $mitos_db->fetch(); $row['role_id'] = $rec['role_id']; array_push($rows, $row); } print_r(json_encode(array('totals' => $total, 'row' => $rows))); exit; case 'POST': $role['role_id'] = $data['role_id']; unset($data['id'], $data['role_id'], $data['fullname']); $data['password'] = $aes->encrypt($data['password']); $data['authorized'] = $data['authorized'] == 'on' ? 1 : 0; $data['active'] = $data['active'] == 'on' ? 1 : 0; $data['calendar'] = $data['calendar'] == 'on' ? 1 : 0; if ($data['taxonomy'] == "") { unset($data['taxonomy']); }